Test ID:	1.3.6.1.4.1.25623.1.0.56859
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1089-1)
Summary:	The remote host is missing an update for the Debian 'freeradius' package(s) announced via the DSA-1089-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'freeradius' package(s) announced via the DSA-1089-1 advisory. Vulnerability Insight: Several problems have been discovered in freeradius, a high-performance and highly configurable RADIUS server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-4744 SuSE researchers have discovered several off-by-one errors may allow remote attackers to cause a denial of service and possibly execute arbitrary code. CVE-2006-1354 Due to insufficient input validation it is possible for a remote attacker to bypass authentication or cause a denial of service. The old stable distribution (woody) does not contain this package. For the stable distribution (sarge) this problem has been fixed in version 1.0.2-4sarge1. For the unstable distribution (sid) this problem has been fixed in version 1.1.0-1.2. We recommend that you upgrade your freeradius package. Affected Software/OS: 'freeradius' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-4744 14775 http://www.securityfocus.com/bid/14775 16712 http://secunia.com/advisories/16712 19497 http://secunia.com/advisories/19497 19518 http://secunia.com/advisories/19518 19811 http://secunia.com/advisories/19811 20060404-01-U ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc 20461 http://secunia.com/advisories/20461 DSA-1089 http://www.debian.org/security/2006/dsa-1089 MDKSA-2006:066 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:066 RHSA-2006:0271 http://rhn.redhat.com/errata/RHSA-2006-0271.html freeradius-token-sqlunixodbc-dos(22211) https://exchange.xforce.ibmcloud.com/vulnerabilities/22211 http://www.freeradius.org/security/20050909-response-to-suse.txt http://www.freeradius.org/security/20050909-vendor-sec.txt https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167676 oval:org.mitre.oval:def:10449 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10449 Common Vulnerability Exposure (CVE) ID: CVE-2006-1354 BugTraq ID: 17171 http://www.securityfocus.com/bid/17171 Debian Security Information: DSA-1089 (Google Search) http://www.gentoo.org/security/en/glsa/glsa-200604-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10156 RedHat Security Advisories: RHSA-2006:0271 http://securitytracker.com/id?1015795 http://secunia.com/advisories/19300 http://secunia.com/advisories/19405 http://secunia.com/advisories/19527 SGI Security Advisory: 20060404-01-U SuSE Security Announcement: SUSE-SA:2006:019 (Google Search) http://lists.suse.de/archive/suse-security-announce/2006-Mar/0009.html http://www.trustix.org/errata/2006/0020 http://www.vupen.com/english/advisories/2006/1016 XForce ISS Database: freeradius-eap-mschapv2-auth-bypass(25352) https://exchange.xforce.ibmcloud.com/vulnerabilities/25352
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.